<?php
include 'includes/application_top.inc';
$myusername = $_REQUEST['login'];
$mypassword = $_REQUEST['pass'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypassword = md5($mypassword);
$sql = "SELECT * FROM url_users WHERE email='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
//$row = mysql_fetch_array($results);

//print_r($row);
//echo "--------------";
// Mysql_num_row is counting table row
$numrow = mysql_num_rows($result);
//echo "*//*************";

// If result matched $myusername and $mypassword, table row must be 1 row
if ($numrow == 1) {
	// Register $myusername, $mypassword and redirect to file "login_success.php"
	$row = mysql_fetch_array($result);
	$login = $row['email'];
	$first_name = $row['first_name'];
	$u_id = $row['u_id'];
	$sql = "Select * FROM user_rights_ref where user_id=" . $u_id;
	$query = mysql_query($sql);
	$i = 1;
	while ($rows = mysql_fetch_array($query)) {

		$right = "rights_" . $i;
		$_SESSION[$right] = $rows['rights_id'];
		// echo "<br>";
		$i++;
	}
	//echo "<pre>";
	// print_r($row);
	$_SESSION['u_id'] = $u_id;
	$_SESSION['email'] = $login;
	$_SESSION['first_name'] = $first_name;
	//print_r($_SESSION);
	//echo "++++++++++++";
	//print_r($row);
	//echo "**************";
	//print_r($_REQUEST);
	header("location:dashboard.php");
} else {
	//echo "++++++++++++++";
	//print_r($_REQUEST);
	//print_r($_SESSION);
	header("location:index.php?err=emsg");

}
?>